German cybersecurity chief: Anyone have any evidence of Huawei naughtiness?

We won't be having a word with local firms until then

Germany's top cybersecurity official has said he hasn't seen any evidence for the espionage allegations against Huawei.

Arne Schönbohm, president of the German Federal Office for Information Security (BSI), the nation's cyber-risk assessment agency in Bonn, told Der Spiegel that there is "currently no reliable evidence" of a risk from Huawei.

"For such serious decisions such as a ban, you need evidence," Schönbohm said. Should that change, the BSI will "actively approach German industry" he assured the paper.

Huawei has opened a facility in Bonn, in west Germany, where it shares code and allows Schönbohm's risk assessors to inspect Huawei kit. This is along the same lines as the UK's Huawei Cyber Security Evaluation Centre (HCSEC) in Banbury, informally known as "The Cell", which addresses GCHQ's concerns about backdoors in Huawei products.

This has been running for seven years and the Oversight Board has now produced four annual reports. The most recent, in July, warned that "the Oversight Board can provide only limited assurance that all risks to UK national security from Huawei's involvement in the UK's critical networks have been sufficiently mitigated".

UK's Huawei handler dials back support for Chinese giant's kit in critical infrastructure

HCSEC attempts to replicate Huawei binaries from source code provided by the company to ensure end-to-end scrutiny. It hasn't fully completed this, the Oversight Board said, and also expressed concerns about third-party software (PDF).

"There are no concerns about individual companies," Peter Altmaier, German Federal Minister for Economic Affairs and Energy, confirmed to Reuters on Monday. "But each product, each device must be secure if it is going to be used in Germany."

The Five Eyes states have led concerns against Huawei without citing specific evidence. Australia confirmed in 2013 that it had blocked Huawei from its NBN fibre programme, and in August excluded it from selling 5G gear. A report last month suggested New Zealand companies were being advised to avoid doing deals with Huawei.

Huawei privately bridles at comparisons with the state-owned telco ZTE and can point out that it has been the victim of hacking. In 2014, the New York Times and Der Spiegel reported on "Operation Shotgiant", a multiyear operation by America's National Security Agency (NSA) that infiltrated Huawei's network at its Shenzhen HQ and yielded confidential source code.

"Many of our targets communicate over Huawei produced products, we want to make sure that we know how to exploit these products," one NSA document explained.

"The Huawei revelations are devastating rebuttals to hypocritical US complaints about Chinese penetration of US networks," wrote former DoD counsel Jack Goldsmith.

Deutsche Telekom has a close strategic relationship with Huawei but said it was reviewing matters this week. Orange pledged to continue its relationships with Huawei's European 5G rivals, Nokia and Ericsson.

Which comes as relief for the latter. The UK's O2 is reportedly seeking up to £100m in damages from Ericsson for a bungle that deprived over 30 million customers of data access for 24 hours. ®